ikev2: Drop IKE_SA_INIT messages that don't have the initiator flag set
author: Tobias Brunner <tobias@strongswan.org>
Wed, 10 Jun 2015 13:53:08 +0000 (15:53 +0200)
committer: Tobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 14:05:02 +0000 (16:05 +0200)
While this doesn't really create any problems, it is not 100% correct to
accept such messages because, of course, the sender of an IKE_SA_INIT
request is always the original initiator of an IKE_SA.

We currently don't check the flag later, so we wouldn't notice if the
peer doesn't set it in later messages (ike_sa_id_t.equals doesn't
compare it anymore since we added support for IKEv1, in particular since
17ec1c74de).

src/libcharon/network/receiver.c

index 6902c48..0762332 100644 (file)
@@ -542,7 +542,9 @@ static job_requeue_t receive_packets(private_receiver_t *this)
        if (message->get_request(message) &&
                message->get_exchange_type(message) == IKE_SA_INIT)
        {
-               if (this->initiator_only || drop_ike_sa_init(this, message))
+               id = message->get_ike_sa_id(message);
+               if (this->initiator_only || !id->is_initiator(id) ||
+                       drop_ike_sa_init(this, message))
                {
                        message->destroy(message);
                        return JOB_REQUEUE_DIRECT;
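Review bot: the new `!id->is_initiator(id)` condition drops the packet silently, sharing the same `message->destroy(message)` branch as `initiator_only` and `drop_ike_sa_init()`, so an operator debugging a peer that omits the initiator flag on IKE_SA_INIT gets no indication of why the request vanished; consider a debug log line before the destroy, distinguishing this reason from the existing drop causes. Also, the hunk assigns `id` but its declaration (presumably `ike_sa_id_t *id`) is outside the shown context, so please confirm it is declared in `receive_packets()` and not shadowing another variable.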